\relax 
\@writefile{toc}{\contentsline {title}{Supporting Meaningful Trust Labels in Linux}{1}}
\@writefile{toc}{\contentsline {author}{{Xinyang Ge \and Aliye Malak \and Caleb Severn \and Yibo Wu}\unskip \ \ignorespaces  {\tt  \relax \fontsize  {7}{8}\selectfont  {\{xxg113,azm173,cjs1163,yxw185\}@cse.psu.edu}}}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {1}Abstract}{1}}
\newlabel{sec:abstract}{{1}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Introduction}{1}}
\newlabel{sec:intro}{{2}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Motivation}{1}}
\newlabel{sec:motivation}{{2.1}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Insight}{1}}
\newlabel{sec:insight}{{2.2}{1}}
\citation{conf/ndss/ChariHV10,ec2nd11-vijayakumar,Cai:2009:EUF:1607723.1608123}
\citation{Hardy:1988:CD:54289.871709}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}Contribution}{2}}
\newlabel{sec:contribution}{{2.3}{2}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.4}Organization}{2}}
\newlabel{sec:organization}{{2.4}{2}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Background}{2}}
\newlabel{sec:background}{{3}{2}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Risks and name resolution attacks}{2}}
\newlabel{sec:risks}{{3.1}{2}}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces A directory tree including a symbolic link that might complicate name resolution}}{3}}
\newlabel{fig:link_tree}{{1}{3}}
\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces Example of a time-of-check-to-time-of-use attack, showing one possible opportunity for name binding manipulation}}{3}}
\newlabel{fig:TOCTTOU}{{2}{3}}
\citation{conf/usenix/Grunbacher03,asiaccs12-vijayakumar}
\citation{Schellekens200859,parno2008bootstrapping}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Limitations of existing threat models}{4}}
\newlabel{sec:threat}{{3.2}{4}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Defenses against name resolution attacks}{4}}
\newlabel{sec:defense}{{3.3}{4}}
\citation{ec2nd11-vijayakumar}
\citation{Wright02linuxsecurity,LosSma2001}
\citation{smalley:01}
\citation{Biba1977,Wilson_extendinglinux,Hicks:2007:LSA:1266840.1266854}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Extensions to the mechanism of verifying a file}{5}}
\newlabel{sec:mechanism}{{3.4}{5}}
\citation{Hardy:1988:CD:54289.871709}
\citation{wei2005tocttou}
\citation{Yang:2012:CA:2342788.2342803}
\citation{Dean:2004:FRF:1251375.1251389}
\citation{conf/ndss/ChariHV10,ec2nd11-vijayakumar,Cai:2009:EUF:1607723.1608123}
\citation{Vijayakumar:2012:SFN:2362793.2362834,conf/ndss/ChariHV10}
\citation{tsafrir2008portably,pu2006methodical}
\citation{bishop1996checking,Lhee,Uppuluri:2005:PRC:1066677.1066758}
\citation{Tsyrklevich:2003:DDP:1251353.1251370,Yip:2009:IAS:1629575.1629604,bishop1996checking}
\citation{Payer:2012:PAA:2365864.2151052}
\citation{Kashyap04filesystem}
\citation{Cowan:2001:RKP:1251327.1251340,Zhai,LosSma2001}
\citation{Wright02linuxsecurity,Watson:2001:TAT:647054.715753,smalley:01}
\citation{Aizawa}
\citation{DBLP:conf/pacis/YongBTR06}
\citation{Kyle:2007:ULS:1314354.1314371}
\citation{Loscocco:2001:IFS:647054.715771,Hicks:2007:LSA:1266840.1266854,conf/usenix/Grunbacher03}
\citation{Byun:2005:PBA:1063979.1063998}
\citation{Nishimura:2010:ISF:1923661.1923666,Braam,Langford01multiroundrsync,Rosenblum:1992:DIL:146941.146943,Ts'o:2002:PEL:647056.715922,bram2009snapfs}
\citation{Robert:inotify}
\citation{Watson:2001:TAT:647054.715753,Kashyap04filesystem}
\@writefile{toc}{\contentsline {section}{\numberline {4}Related work}{6}}
\newlabel{sec:related_work}{{4}{6}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Attacks}{6}}
\newlabel{sec:rel_attack}{{4.1}{6}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Defenses}{6}}
\newlabel{sec:rel_defense}{{4.2}{6}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Auditing utilities}{6}}
\newlabel{sec:rel_audit}{{4.3}{6}}
\@writefile{toc}{\contentsline {section}{\numberline {5}Design}{7}}
\newlabel{sec:design}{{5}{7}}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.1}Concept}{7}}
\newlabel{sec:design_concept}{{5.1}{7}}
\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces Architecture of an in-kernel (SELinux module) reference monitor including support for cryptographic protection}}{7}}
\newlabel{fig:architecture_ideal}{{3}{7}}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.2}System architecture}{8}}
\newlabel{sec:design_architecture}{{5.2}{8}}
\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces Architecture of a user-space approximation to a reference monitor, including event monitoring, recording, and support for cryptographic protection in user space}}{8}}
\newlabel{fig:architecture_practical}{{4}{8}}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.3}Daemon and event handling}{9}}
\newlabel{sec:design_daemon}{{5.3}{9}}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.4}Parser}{9}}
\newlabel{sec:design_parser}{{5.4}{9}}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.5}Cryptographic protocols}{9}}
\newlabel{sec:design_crypto}{{5.5}{9}}
\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces Design of cryptographic attributes}}{10}}
\newlabel{fig:crypto_practical}{{5}{10}}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.6}User interface}{10}}
\newlabel{sec:design_user}{{5.6}{10}}
\@writefile{toc}{\contentsline {section}{\numberline {6}Evaluation}{10}}
\newlabel{sec:evaluation}{{6}{10}}
\bibstyle{splncs03}
\bibdata{ref}
\bibcite{Biba1977}{1}
\bibcite{bishop1996checking}{2}
\bibcite{Braam}{3}
\bibcite{bram2009snapfs}{4}
\bibcite{Byun:2005:PBA:1063979.1063998}{5}
\bibcite{Cai:2009:EUF:1607723.1608123}{6}
\bibcite{conf/ndss/ChariHV10}{7}
\bibcite{Cowan:2001:RKP:1251327.1251340}{8}
\bibcite{Dean:2004:FRF:1251375.1251389}{9}
\bibcite{conf/usenix/Grunbacher03}{10}
\bibcite{Hardy:1988:CD:54289.871709}{11}
\bibcite{Hicks:2007:LSA:1266840.1266854}{12}
\bibcite{Kashyap04filesystem}{13}
\bibcite{Kyle:2007:ULS:1314354.1314371}{14}
\bibcite{Langford01multiroundrsync}{15}
\bibcite{Lhee}{16}
\bibcite{Loscocco:2001:IFS:647054.715771}{17}
\bibcite{LosSma2001}{18}
\@writefile{toc}{\contentsline {section}{\numberline {7}Conclusion}{11}}
\newlabel{sec:conclusion}{{7}{11}}
\bibcite{Robert:inotify}{19}
\bibcite{Nishimura:2010:ISF:1923661.1923666}{20}
\bibcite{Aizawa}{21}
\bibcite{parno2008bootstrapping}{22}
\bibcite{Payer:2012:PAA:2365864.2151052}{23}
\bibcite{pu2006methodical}{24}
\bibcite{Rosenblum:1992:DIL:146941.146943}{25}
\bibcite{Schellekens200859}{26}
\bibcite{smalley:01}{27}
\bibcite{tsafrir2008portably}{28}
\bibcite{Ts'o:2002:PEL:647056.715922}{29}
\bibcite{Tsyrklevich:2003:DDP:1251353.1251370}{30}
\bibcite{Uppuluri:2005:PRC:1066677.1066758}{31}
\bibcite{ec2nd11-vijayakumar}{32}
\bibcite{asiaccs12-vijayakumar}{33}
\bibcite{Vijayakumar:2012:SFN:2362793.2362834}{34}
\bibcite{Watson:2001:TAT:647054.715753}{35}
\bibcite{wei2005tocttou}{36}
\bibcite{Wilson_extendinglinux}{37}
\bibcite{Wright02linuxsecurity}{38}
\bibcite{Yang:2012:CA:2342788.2342803}{39}
\bibcite{Yip:2009:IAS:1629575.1629604}{40}
\bibcite{DBLP:conf/pacis/YongBTR06}{41}
\bibcite{Zhai}{42}
